Amazon Web Services (AWS), like so many other Amazon product offerings, has catapulted into one of the industry’s leading hosting providers. And while we’re still a few years away from being conscripted into CEO Jeff Bezos’ army of factory pickers — when Amazon eventually supersedes our world’s monolithic governments and claims its place as our foremost religion and ruling body — it wouldn’t hurt to get familiar with the products, services, and capabilities of the world’s largest company on a technical level. This includes understanding how to install an SSL certificate on an AWS EC2 instance.
Now, Amazon is actually its own certificate authority (CA) and can issue its own customers proprietary Amazon SSL certificates that will be trusted by all major browsers and devices. But choosing Amazon’s SSL locks you into a specific type of certificate — one that lacks business authentication and only asserts server identity.
So, short of offering Bezos your first born in return for an Amazon EV certificate, it’s sometimes necessary to acquire a third-party SSL certificate. Of course, Amazon will not abide this blasphemy, and condemns it by not providing any instructions on how to install said third-party SSL certificate.
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell PositiveSSL EV certificates for as little as $72.18 per year.
Well, fear not. We have the directions on how to add an SSL certificate to an EC2 instance — and it won’t even cost you your progeny. (Well, at least not your first born. We do accept children lower down the line of succession in return for store credit, though.)
What you’ll need before we get started on how to install an SSL certificate on an AWS EC2 instance…
Got ‘em all? Good. Let’s install this thing…
openssl pkcs12 -in /file-path/source-file.p12 -out /file-path/destination-file.pem
openssl x509 -inform der -in /file-path/source-file.cer -out /file-path/destination-file.pem
Because you need multiple PEM files to perform the next step, you’ll first need to break out the PEM files from the bundle. This can be done manually or using an application such as OpenSSL.
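One way to do that split with standard shell tools, as an added example that is not part of the original article. The output file names match the ones in the upload command; the function name and the bundle ordering (server certificate first, then the chain) are assumptions. It also rejects a passphrase-protected key, which is what `openssl pkcs12` writes unless told otherwise and which IAM will not accept.

```shell
#!/bin/sh
# split_pem_bundle BUNDLE OUTDIR  (hypothetical helper, not an AWS or OpenSSL tool)
# Assumption: the first CERTIFICATE block is the server (leaf) certificate and
# every later CERTIFICATE block belongs to the chain.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }

    # IAM needs an unencrypted private key; stop early on an encrypted one.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$bundle"; then
        echo "private key in $bundle is encrypted; decrypt it first" >&2
        return 2
    fi

    mkdir -p "$outdir" || return 1
    (
        # Owner-only permissions: one of these files holds the private key.
        umask 077
        : > "$outdir/my-private-key.pem"
        : > "$outdir/my-server-certificate.pem"
        : > "$outdir/my-certificate-chain.pem"
        awk -v dir="$outdir" '
            /^-----BEGIN .*PRIVATE KEY-----/ { out = dir "/my-private-key.pem" }
            /^-----BEGIN CERTIFICATE-----/ {
                certs++
                out = dir (certs == 1 ? "/my-server-certificate.pem" : "/my-certificate-chain.pem")
            }
            out != "" { print >> out }   # text between blocks (Bag Attributes) is dropped
            /^-----END / { out = "" }
        ' "$bundle"
    )

    # A usable bundle must yield at least a key and a server certificate.
    [ -s "$outdir/my-private-key.pem" ] && [ -s "$outdir/my-server-certificate.pem" ] || {
        echo "bundle lacks a private key or a certificate" >&2
        return 3
    }
}
```

Check that the first certificate really is the server certificate before uploading, for example with `openssl x509 -noout -subject -in my-server-certificate.pem`.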
aws iam upload-server-certificate --server-certificate-name my-server-cert --certificate-body file://my-server-certificate.pem --private-key file://my-private-key.pem --certificate-chain file://my-certificate-chain.pem
If you want to see all certificates that are bound to the IAM profile, you can run the following command:
aws iam list-server-certificates
Simply follow those instructions to set up the SSL listener and you’ll have completed all the necessary steps to install your SSL certificate on AWS. Just don’t tell Bezos. He’s got a lot more time on his hands lately — and only half of his assets — so it’s best just to stay off his radar.